This comes after an international hacker group offers to sell a ‘full country’ credit database containing ‘very sensitive information’
[HO CHI MINH CITY] A suspected data breach has been identified at the Vietnam National Credit Information Center (CIC), according to a press release issued by a police agency on Thursday (Sep 11).
The volume of data illegally obtained is being determined, said the Vietnam Computer Emergency Response Team (VNCERT). It is a unit of the Department of Cybersecurity and Prevention of Hi-tech Crimes under Vietnam’s Ministry of Public Security, often referred to as “A05”.
The agency urged all organisations and individuals not to download, distribute, exploit, or make use of the leaked data.
In a separate letter sent to the heads of financial institutions in Vietnam on the same day, CIC – a body under the State Bank of Vietnam – acknowledged that the credit information database system may have been attacked by the hacker group named ShinyHunters, which posted the data up for sale on an international forum on Sep 9.
“Currently, the incident has not caused any damage or loss. The CIC’s credit information service system is still operating normally,” it noted.
Its official website, cic.gov.vn, could not be accessed at the time of writing.
A NEWSLETTER FOR YOU
Friday, 8.30 am
Asean Business
Business insights centering on South-east Asia’s fast-growing economies.
CIC serves as Vietnam’s national credit registry, responsible for collecting, processing, storing, and analysing credit information of individuals and institutions in Vietnam.
A report from DataBreaches.Net on Sep 8 revealed that the hacker provided a large data sample and demanded US$175,000 for the full database.
ShinyHunters described it as “full country” with more than 160 million records containing “very sensitive information”. They include general personally identifiable information, credit payment, risks analysis, credit cards, tax indentification numbers, income statements, and debts owned.
The hacker’s original post on the cybercrime forum called “Breachstars” is no longer available.
CIC noted that its task force on cybersecurity incident response is working with A05 and partners such as state-owned Vietnam Posts and Telecommunications Group and millitary-run telecommunications corporation Viettel Group to inspect and implement enhanced security measures.
They are also investigating the root cause of the potential data breach to take corrective actions.
ShinyHunters, a hacker group that first emerged in 2020, has gained notoriety for high-profile data breaches, with claimed attacks on major global companies such as Google, AT&T, Microsoft, and Allianz.
